- be OpenID Connect based on OAuth2 rather than plain OpenID.
- support daily key rotation
- i.e. the keys published at our jwks endpopint endpoint will change every 24 hours. This is usually handled automatically by whichever OpenID Connect framework you are using.
- support multiple providers so that Keystone can be used alongside any other OpenID Connect login options you do or may want to provide (e.g. Google).
What would you like to do today?